The Real Threat to Internet Freedom Isn't the United Nations

Governments are cooperating on surveillance in other, less obvious ways.

Nadine Wolf protests the proposed Stop Online Piracy Act and Protect IP Act outside the offices of Sen. Charles Schumer and Sen. Kirsten Gillibrand on Jan. 18, 2012 in New York City

Photograph by Mario Tama/Getty Images

This article arises from Future Tense, a joint effort of Arizona State University, the New America Foundation, and Slate that looks at emerging technologies and their implications for policy and for society. On Thursday, Nov. 29, Future Tense will host an event in Washington, D.C., on the future of Internet governance. To learn more and to RSVP, visit the New America Foundation’s website. The event will also be streamed live.

Ryan Gallagher is a journalist who reports on surveillance, security, and civil liberties.

The Internet is often seen as a place of chaos and disorder, a borderless world in which anonymous trolls roam free and vigilante hackers wreak havoc. But as a crucial United Nations conference on the future of telecommunications looms next week, there are fears governments are secretly maneuvering to restructure and rein in the anarchic Web we have come to know and love, perhaps even ushering in a new era of pervasive surveillance. So just how real is the threat of change and what might it mean?

The International Telecommunications Union is meeting in Dubai on Dec. 3—its first summit since 1988—to update the current international telecommunications regulations treaty. The ITU is the UN agency for information and communications technologies, and its members include 193 countries from Afghanistan to Zimbabwe. The regulations are important because they set out the “general principles” intended to assure “the free flow of information internationally.” But a handful of member states—like Russia—are reportedly trying to use the upcoming conference to lobby for more control over the Internet, which some fear could help pave the way for greater surveillance, censorship, and data retention.

Advertisement

Leaked documents and a draft published by the ITU show proposals to monitor and filter spam or “malicious code.” Others make the case for the ability to block computers judged to “cause harm” to technical facilities or personnel; to establish designated “transit centers” that would offer a “termination service” for shutting off traffic to selected destinations; and to upgrade international laws governing how user data are retained. Internet freedom advocates believe such proposals, if approved, would be used by authoritarian countries as cover to justify draconian monitoring efforts involving the filtering of traffic.

Adding to these anxieties is the perceived secrecy around how the proposals have been drafted. Google last week launched a campaign calling the “closed-door” conference a potential assault on free expression. Other activist groups have taken things even further, agitating for a “global outcry” over what they say is “a panel of governments, giant corporations, and dictatorships” having “absolute power over the entire Internet, deciding in secret what you can see & do online.” The European Parliament has weighed in, warning the United Nations to steer clear of trying to control the Internet, and the U.S. government has also had strong words, commenting in one leaked document that some of the language used in the ITU proposals “does not make sense.”

But is the United Nations really plotting a clandestine Internet coup? Richard Hill, a counselor at the ITU who worked as an editor on the proposals, sounded agitated by the question, sharply dismissing what he called an inaccurate “frenzy of commentary” about the looming conference. Speaking on the phone from Dubai, Hill said claims any new regulations approved by the member states in December would lead to a crackdown on net freedom were “totally overblown” because the regulations are meant only as a guide and still have to be legislated at a national level. Further, free speech would be protected, he said, because any new regulation has to conform to both the ITU’s constitution, which enshrines the right to communicate, and Article 19 of the Convention of Political and Civil Rights, which enshrines free expression. (He did acknowledge some of the proposals for more government control of routing data were controversial, but said “these are just proposals; they’re going to be discussed.”)

Google counters that it is aggrieved that private-sector companies, civil society, and engineering organizations have no final say in decisions made by the conference that could ultimately determine—at least in part—the future trajectory of the Internet. The Center for Democracy and Technology takes a similar position. Ellery Roberts Biddle, a policy analyst at the CDT who will be speaking at the Nov. 29 Future Tense event on Internet governance in Washington, said she would prefer to see the ITU conference focus on improving access to information and communications technologies in developing countries, as opposed to trying to address content-related issues about filtering and cybersecurity.

2012 has been a big year for Internet activism: The mass protests against new cybersecurity and copyright laws seen as a threat to online freedom—like SOPA, PIPA, and ACTA—were unprecedented. In this latest case, however, the knee-jerk furor over the ITU conference seems to have been sparked by sensationalized tub-thumping that has overstated the threat it poses to freedom of expression. Given that there is such strong opposition to the handful of proposals related to content filtering and monitoring (including from the U.S. government), there is a slim chance these measures will ultimately be adopted by the ITU. Any new regulations have to be arrived at by consensus, meaning, as the ITU’s secretary general has said, “whatever one single country does not accept will not pass.”

But regardless of what happens with the ITU summit, a new era of augmented international cooperation over policing the Internet is on the horizon. That does not mean secretive U.N. governance of the Web—but instead an increasingly centralized and homogenized international surveillance infrastructure, with more sophisticated attempts to monitor online communications and closer cooperation between states when it comes to retaining data and tracking down suspects.

In a report published last month, the U.N. Office on Drugs and Crime called for greater surveillance of the Web internationally to help combat terrorism. The report outlined a series of practical measures aimed at helping legislators in countries worldwide to keep pace with new technologies. It illustrated how the use of Trojan spyware can help bypass encryption, called for a universally agreed framework for data retention, weighed up the pros and cons of blocking certain websites, and grumbled about how privacy legislation in some unnamed countries can inhibit the ability of law enforcement and intelligence agencies to share information with both national and foreign counterparts.

At the same time, the International Chamber of Commerce is calling for the introduction of centralized multicountry surveillance centers to help governments intercept communications and obtain data that are increasingly stored in cloud servers in a foreign jurisdiction. The ICC, a highly influential world business organization, would like to see a global standardization of surveillance and data retention laws, which is in line with what governments and telecom companies are already quietly working toward.

National laws will remain crucial when it comes to issues of oversight and accountability of how government agencies are allowed to control data flows and peer into communications. For instance, no matter what the outcome of the ITU conference—even if it were approve new regulations enshrining user privacy and human rights—countries such as Russia, Iran, and China will continue on a path towards constraining and controlling the Internet within their borders as much as is technically possible. But national surveillance programs will gradually, inevitably become important features of cross-border policing, with cybersecurity efforts resulting in pooled resources and greater collaboration between telecom companies and law enforcement agencies in countries across the world. One example of how this is already happening can be found in a recent report by the Washington-based Telecommunications Industry Association.The TIA, a trade group that represents telecom companies and works closely with law enforcement agencies like the FBI, has been pressuring India to create a “centralized monitoring system” and “install state-of-the-art legal intercept equipment.” (Indian authorities seem to have responded—in September they announced plans for a new “cyber surveillance agency” to monitor the Web.)

It’s not all plain sailing for governments—national or international—in pursuit of more control, though. By design the Internet is a contested terrain; for every act of surveillance or content blocking, there is a tool for circumvention. Complex encryption and anonymity software is almost by the day becoming more accessible, so unless countries hit the kill switch and shut off the Internet entirely, Web users will find ways to evade the prying eyes of online overlords. That’s why any attempt to tame the Internet’s anarchic spirit from the outset seems ultimately doomed to fail—and why the anonymous trolls and the vigilante hackers will still have a home, at least for now, like squatters who can’t be evicted.